GitHub

FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
References

https://nvd.nist.gov/vu…

SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAP…

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node….

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-36567
https://github.com/top-think/framework/issues/2561
ht…

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please …

Prototype pollution vulnerability in ‘predefine’ versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-28280
https://github.com/bigpipe/…

Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard tha…

nltk is contains an Inefficient Regular Expression and is vulnerable to regular expression denial of service attacks.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-3828
https://github.com/nltk/nltk/pull/2816
https://github.com/nltk/nltk/commit/…

axios is vulnerable to Inefficient Regular Expression Complexity
References

https://nvd.nist.gov/vuln/detail/CVE-2021-3749
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
https://huntr.dev/bounties/1e8f07fc-c384-4ff9-849…

Impact
Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. rand_core::BlockRng::next_u64 and rand_core::BlockRng::fill_bytes are affected.
Patches
The flaw was corrected by Ral…